Following the Wh1t3 Rabbit - Practical Enterprise Security

Enterprise Security organizations often find themselves caught between the ever-changing needs of the agile business, and the ever-present, ever-evolving threats to that business. At the same time – all too often we security professionals get caught up in “shiny object syndrome” which leads us to spend poorly, allocate resources unwisely, and generally de-couple from the organization we’re chartered to defend. Knowing how to defend begins with knowing what you’ll be defending, why it is worth defending, and who you’ll be defending from… and therein lies the trick. This blog takes the issue of enterprise security head-on, challenging outdated thinking and bringing a pragmatic, business-aligned, beyond the tools perspective … so follow the Wh1t3 Rabbit and remember that tools alone don’t solve problems, strategic thinkers are the key.

Rafal (Principal, Strategic Security Services)

Hallway Con - The real reason your security employees go to conferences

Have you ever attended a professional conference only to find yourself spending more times talking to your peers in the hallways than in the actual structured tracks?  I've done it, and I am seeing it happen more and more in the industry so I want to familiarize you with this thing we refer to as Hallway Con and why you need to care.

Discover Security in Las Vegas



Hi everyone - I thought I'd take this chance to let you know that HP Discover is coming up, and this year it's once again in beautiful Las Vegas from June 4th - 7th.  You already know I'll be there hopping around the show floor and talking security, cloud, and IT [Security] Performance - so I hope that you'll come see my session on Cloud Security [ BB2873 - "Security Considerations for the Cloud" / Master the Cloud Series - 6/5 2:45pm ] and meet up to podcast, record some video, and talk shop.


Whether you're an HP customer or not (and let's face it, most of you are in some form or another!) if you can make it to only one IT event this year, Discover Vegas should be on your short list.  There will be more than 800 breakout sessions, technical hands-on labs, business breakouts, track sessions and keynotes to choose from.  There are  approximately 200 sessions specific to software, as well as numerous security-specific offerings.  Check out the online catalog for the full listing of event sessions.  If you'll recall, I promised you that I'm working hard to make sure security is a high-priority topic here at the mothership ... come see what we've done with it, and why it should absolutely matter to you.


Look, whether you're the CIO, the AppDev Manager, a developer awakening to DevOps, or a security engineer or CISO trying to figure out how to take as much technical risk out of the lot of it as possible - this is the place you want to be.  Enterprise security begins with enterprise software, and we've got it in spades at HP Discover Vegas.  If you've got a bunch of HP software in house already, you'll want to come see some of the sessions from the experts on how to tweak, configure and fine-tune your software to work better together providing unparalleled levels of risk management and better overall security.  If you're new to HP or not a customer - now's the best time ever to figure out what we're all about as we put our best foot forward on topics of security, automation, system management and other topics you really care about.


To this end, I asked our product managers to select a subset of security sessions that are the cream-of-the crop of the many offered at Discover Vegas. These sessions are all designed to give you tools, best practices and teachings that you can take back to your IT department and use to proactively and effectively reduce risk in your company.


 Session Name Session ID Audience Session Type Highlights 
The New IT Performance Suite: Get the Insight and Confidence it Takes to Always Perform Better TK3056 All Track keynote Join a senior HP Software products executive to hear how the IT Performance Suite helps IT perform better and more securely than ever. 
Top IT Trends and Their Impact on Security BB2515 Business Business breakout Hear about major trends that will transform the way that you do business.
Getting an Overview of the Enterprise Threat Landscape TB2145 Technical Technical breakout See results from the HP DVLabs threat report and correlate findings with attack methods used today. 
Defend Against Cyberattacks by Anonymous BB2661 Business Business breakout Understand what motivates hackers and activists and the tools they use—see how you how HP Enterprise Security can bolster defenses. 
Social Networking: Risky for the Enterprise? BB2585 Business Business breakout Hear about benefits and security risks inherit in social networking across all business verticals. 



As if that wasn't enough - check out this video ... 

Following the Wh1t3Rabbit - Sector 2010

So another SecTor is in the books, and a part of history.  Another year, another great conference put on in a classy city.  What I specifically enjoy about this conference north of the border is that attendees come to particpate and converse rather than just sit, listen, nod and leave.

OWASP AppSec USA - Day 1 - Recap

Hi everyone, as day 2 of the OWASP AppSec USA in Irvine is about to kick off I thought I should quickly summarize what happened yesterday for the benefit of those that missed the conference.  For the record, if you're able to make it to an OWASP conference, you should go if you work in Web Application Security.  These conferences offer very real, grounded discussions in technology and methodologies - what's more though... the hallway discussions and dinner conversations are priceless.

Welcome to the Jungle

As many of you have become aware, Mike Bailey (@mckt_) pulled me into giving a talk at Defcon 18 a week or so ago. The talk was (re)titled "The WebAppSec Fail Fireside Chat", and apparently a lot of people wandered in and had a blast with us!
About the Author(s)
Follow Us
Twitter Stream

Community Announcements
HP Blog

Technical Support Services Blog

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation